Example #1
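def account(username):
    """Show and process the account-settings form for the user ``username``.

    Aborts with 404 when no such user exists and redirects to the public
    profile when ``current_user`` may not see the edit pages. The form is
    only built when the viewer holds CHANGE_USERNAMES or CHANGE_RANK on the
    target; each field group is then applied only under its own permission.

    Returns a redirect after a processed submission, otherwise the rendered
    ``users/account.html`` template.
    """
    user: User = User.query.filter_by(username=username).first()
    if not user:
        abort(404)

    if not user.can_see_edit_profile(current_user):
        flash("Permission denied", "danger")
        return redirect(url_for("users.profile", username=username))

    can_edit_account_settings = user.checkPerm(current_user, Permission.CHANGE_USERNAMES) or \
      user.checkPerm(current_user, Permission.CHANGE_RANK)
    form = UserAccountForm(obj=user) if can_edit_account_settings else None
    if form and form.validate_on_submit():
        severity = AuditSeverity.NORMAL if current_user == user else AuditSeverity.MODERATION
        # Captured before the edits so the audit message names the profile as
        # it was when the request arrived.
        previous_display_name = user.display_name

        # Copy form fields to user_profile fields
        if user.checkPerm(current_user, Permission.CHANGE_USERNAMES):
            if user.username != form.username.data:
                # NOTE(review): no collision check on the new username is
                # visible here; presumably the form or a DB constraint
                # enforces uniqueness. Confirm before relying on it.
                for package in user.packages:
                    # Record the old username against each package before the
                    # rename takes effect.
                    alias = PackageAlias(user.username, package.name)
                    package.aliases.append(alias)
                    db.session.add(alias)

                user.username = form.username.data

            user.display_name = form.display_name.data
            user.forums_username = nonEmptyOrNone(form.forums_username.data)
            user.github_username = nonEmptyOrNone(form.github_username.data)

        # Logged after any rename: the link stored in the audit trail must
        # use the username the profile will have once this request commits.
        addAuditLog(severity, current_user,
                    "Edited {}'s profile".format(previous_display_name),
                    url_for("users.profile", username=user.username))

        if user.checkPerm(current_user, Permission.CHANGE_RANK):
            newRank = form["rank"].data
            # The editor can only hand out ranks up to their own.
            if current_user.rank.atLeast(newRank):
                if newRank != user.rank:
                    user.rank = newRank
                    msg = "Set rank of {} to {}".format(
                        user.display_name, user.rank.getTitle())
                    addAuditLog(AuditSeverity.MODERATION, current_user, msg,
                                url_for("users.profile", username=user.username))
            else:
                flash("Can't promote a user to a rank higher than yourself!",
                      "danger")

        db.session.commit()

        # Redirect with the stored username, not the URL parameter: after a
        # rename the old name no longer resolves and would yield a 404.
        return redirect(url_for("users.account", username=user.username))

    return render_template("users/account.html",
                           user=user,
                           form=form,
                           tabs=get_setting_tabs(user),
                           current_tab="account")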
Example #2
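def handle_set_password(form):
    """Apply a password change (and optional email change) for current_user.

    ``form`` must expose ``password`` and ``password2``; an ``email`` field is
    optional. Every check runs before the session is modified, so a rejected
    request leaves no pending password change or audit entry behind.

    Returns None after flashing an error when the request is rejected,
    otherwise a redirect to the home page.
    """
    if form.password.data != form.password2.data:
        flash("Passwords do not match", "danger")
        return

    # Decide on the email change first: rejecting it after the password was
    # already assigned would leave that assignment pending in the session.
    pending_email = None
    if hasattr(form, "email"):
        newEmail = nonEmptyOrNone(form.email.data)
        if newEmail and newEmail != current_user.email:
            if EmailSubscription.query.filter_by(email=form.email.data,
                                                 blacklisted=True).count() > 0:
                flash(
                    "That email address has been unsubscribed/blacklisted, and cannot be used",
                    "danger")
                return
            pending_email = newEmail

    # The audit entry records only that a change happened, never the secret.
    addAuditLog(AuditSeverity.USER, current_user, "Changed their password",
                url_for("users.profile", username=current_user.username))

    current_user.password = make_flask_login_password(form.password.data)

    if pending_email:
        # NOTE(review): the token gates ownership of the new address; confirm
        # randomString draws from a CSPRNG (e.g. the `secrets` module).
        token = randomString(32)

        ver = UserEmailVerification()
        ver.user = current_user
        ver.token = token
        ver.email = pending_email
        db.session.add(ver)
        # NOTE(review): no verification mail is sent from this function;
        # presumably the caller or a later step delivers the token. Confirm.

    db.session.commit()
    flash("Your password has been changed successfully.", "success")
    return redirect(url_for("homepage.home"))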
Example #3
def do_create_vcs_release(user: User,
                          package: Package,
                          title: str,
                          ref: str,
                          min_v: MinetestRelease = None,
                          max_v: MinetestRelease = None,
                          reason: str = None):
    """Create a release row for ``package`` and queue the VCS build task.

    ``check_can_create_release`` runs first; presumably it raises when
    ``user`` may not release for this package (not visible here). The row is
    committed before the task is queued, and the task is given the release id
    and the same task id that was stored on the row.

    Returns the new ``PackageRelease``.
    """
    check_can_create_release(user, package)

    release = PackageRelease()
    release.package = package
    release.title = title
    release.url = ""
    release.task_id = uuid()
    release.min_rel = min_v
    release.max_rel = max_v
    db.session.add(release)

    audit_msg = ("Created release {}".format(release.title)
                 if reason is None
                 else "Created release {} ({})".format(release.title, reason))
    addAuditLog(AuditSeverity.NORMAL, user, audit_msg,
                package.getURL("packages.view"), package)

    db.session.commit()

    # NOTE(review): `ref` is forwarded to the background task without any
    # validation in this function; confirm makeVCSRelease handles it strictly
    # as data.
    task_args = (release.id, nonEmptyOrNone(ref))
    makeVCSRelease.apply_async(task_args, task_id=release.task_id)

    return release
Example #4
def profile_edit(username):
	"""Show and process the profile-edit form for the user ``username``.

	Aborts with 404 for an unknown user and redirects to the public profile
	when ``current_user`` may not see the edit pages. On a valid POST each
	field group is written only if ``current_user`` holds the matching
	permission on the target user; the result is committed once at the end.
	"""
	user: User = User.query.filter_by(username=username).first()
	if not user:
		abort(404)

	if not user.can_see_edit_profile(current_user):
		flash("Permission denied", "danger")
		return redirect(url_for("users.profile", username=username))

	form = UserProfileForm(formdata=request.form, obj=user)

	# GET, or a POST that failed validation: just show the form again.
	if not (request.method == "POST" and form.validate()):
		return render_template(
			"users/profile_edit.html",
			user=user,
			form=form,
			tabs=get_setting_tabs(user),
			current_tab="edit_profile")

	# Edits to someone else's profile are logged at moderation severity.
	if current_user == user:
		severity = AuditSeverity.NORMAL
	else:
		severity = AuditSeverity.MODERATION
	addAuditLog(
		severity, current_user,
		"Edited {}'s profile".format(user.display_name),
		url_for("users.profile", username=username))

	# Each group of fields is gated by its own permission check.
	if user.checkPerm(current_user, Permission.CHANGE_USERNAMES):
		user.display_name = form.display_name.data
		user.forums_username = nonEmptyOrNone(form.forums_username.data)
		user.github_username = nonEmptyOrNone(form.github_username.data)

	if user.checkPerm(current_user, Permission.CHANGE_PROFILE_URLS):
		user.website_url = form["website_url"].data
		user.donate_url = form["donate_url"].data

	if user.checkPerm(current_user, Permission.CHANGE_RANK):
		requested_rank = form["rank"].data
		if not current_user.rank.atLeast(requested_rank):
			# The editor can only hand out ranks up to their own.
			flash("Can't promote a user to a rank higher than yourself!", "danger")
		elif requested_rank != user.rank:
			user.rank = requested_rank
			rank_msg = "Set rank of {} to {}".format(user.display_name, user.rank.getTitle())
			addAuditLog(
				AuditSeverity.MODERATION, current_user, rank_msg,
				url_for("users.profile", username=username))

	# Persist the edits and any audit entries added above.
	db.session.commit()

	return redirect(url_for("users.profile", username=username))
Example #5
class UserProfileForm(FlaskForm):
    """Form for the public profile fields: display name and two URLs.

    Every field is optional. The filters convert an empty submission to
    ``None`` rather than keeping an empty string.
    """

    display_name = StringField(
        "Display Name",
        validators=[Optional(), Length(min=1, max=20)],
        filters=[lambda value: nonEmptyOrNone(value)],
    )
    # NOTE(review): confirm which URL schemes URL() accepts, and that the
    # templates rendering these user-supplied links escape them.
    website_url = StringField(
        "Website URL",
        validators=[Optional(), URL()],
        filters=[lambda value: value or None],
    )
    donate_url = StringField(
        "Donation URL",
        validators=[Optional(), URL()],
        filters=[lambda value: value or None],
    )
    submit = SubmitField("Save")
Example #6
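class RegisterForm(FlaskForm):
    """Sign-up form: display name, username, email, password and consent."""

    display_name = StringField("Display Name",
                               [Optional(), Length(1, 20)],
                               filters=[lambda x: nonEmptyOrNone(x)])
    # Anchored with \Z rather than $: in Python, $ also matches just before a
    # trailing newline, so "name\n" would pass and could be registered as a
    # look-alike of "name". The message now lists every permitted character,
    # including the hyphen the pattern allows.
    username = StringField("Username", [
        InputRequired(),
        Regexp(r"^[a-zA-Z0-9._-]+\Z", message="Only a-zA-Z0-9._- allowed")
    ])
    email = StringField("Email", [InputRequired(), Email()])
    # NOTE(review): a 6-character minimum is below the 8 characters commonly
    # recommended today; raising it is a policy decision, so it is unchanged.
    password = PasswordField("Password", [InputRequired(), Length(6, 100)])
    # NOTE(review): Required is a deprecated WTForms alias of DataRequired;
    # switch once the import block can be updated.
    agree = BooleanField("I agree", [Required()])
    submit = SubmitField("Register")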
Example #7
def profile(username):
    """Render the profile of ``username`` and process edits to it.

    Aborts with 404 for an unknown user. An edit form is built only when
    ``current_user`` holds CHANGE_USERNAMES, CHANGE_EMAIL or CHANGE_RANK on
    the target; on a valid POST each field group is applied under its own
    permission check. An email change stores a verification record, queues
    the verification mail and redirects to the task-status page.

    The package list is limited to approved packages for viewers who are not
    logged in, or who are neither the owner nor allowed to access the todo
    list.
    """
    user = User.query.filter_by(username=username).first()
    if not user:
        abort(404)

    edit_permissions = (
        Permission.CHANGE_USERNAMES,
        Permission.CHANGE_EMAIL,
        Permission.CHANGE_RANK,
    )

    form = None
    if any(user.checkPerm(current_user, perm) for perm in edit_permissions):
        # Bind the form to the submitted data, falling back to stored values.
        form = UserProfileForm(formdata=request.form, obj=user)

        # Only a POST that passes validation is applied.
        if request.method == "POST" and form.validate():
            # Edits to someone else's profile count as moderation actions.
            if current_user == user:
                severity = AuditSeverity.NORMAL
            else:
                severity = AuditSeverity.MODERATION
            addAuditLog(severity, current_user,
                        "Edited {}'s profile".format(user.display_name),
                        url_for("users.profile", username=username))

            # Each group of fields is gated by its own permission check.
            if user.checkPerm(current_user, Permission.CHANGE_USERNAMES):
                user.display_name = form.display_name.data
                user.forums_username = nonEmptyOrNone(form.forums_username.data)
                user.github_username = nonEmptyOrNone(form.github_username.data)

            if user.checkPerm(current_user, Permission.CHANGE_PROFILE_URLS):
                user.website_url = form["website_url"].data
                user.donate_url = form["donate_url"].data

            if user.checkPerm(current_user, Permission.CHANGE_RANK):
                requested_rank = form["rank"].data
                if not current_user.rank.atLeast(requested_rank):
                    # The editor can only hand out ranks up to their own.
                    flash(
                        "Can't promote a user to a rank higher than yourself!",
                        "danger")
                elif requested_rank != user.rank:
                    user.rank = requested_rank
                    rank_msg = "Set rank of {} to {}".format(
                        user.display_name, user.rank.getTitle())
                    addAuditLog(AuditSeverity.MODERATION, current_user,
                                rank_msg,
                                url_for("users.profile", username=username))

            if user.checkPerm(current_user, Permission.CHANGE_EMAIL):
                # NOTE(review): assumes the field data is a str; .strip()
                # would raise on None. Confirm against the form definition.
                requested_email = form["email"].data
                if requested_email != user.email and requested_email.strip():
                    # NOTE(review): the token gates ownership of the address;
                    # confirm randomString draws from a CSPRNG.
                    token = randomString(32)

                    email_msg = "Changed email of {}".format(user.display_name)
                    addAuditLog(severity, current_user, email_msg,
                                url_for("users.profile", username=username))

                    # user.email itself is left untouched here; only the
                    # pending verification record is stored.
                    verification = UserEmailVerification()
                    verification.user = user
                    verification.token = token
                    verification.email = requested_email
                    db.session.add(verification)
                    db.session.commit()

                    task = sendVerifyEmail.delay(requested_email, token)
                    return_url = url_for("users.profile", username=username)
                    return redirect(
                        url_for("tasks.check", id=task.id, r=return_url))

            # Persist the edits and any audit entries added above.
            db.session.commit()

            # Back to the profile page.
            return redirect(url_for("users.profile", username=username))

    # Access control for the package list: deleted packages are never shown,
    # and unapproved ones only to the owner or to viewers who can access the
    # todo list.
    packages = user.packages.filter(Package.state != PackageState.DELETED)
    approved_only = not current_user.is_authenticated or (
        user != current_user and not current_user.canAccessTodoList())
    if approved_only:
        packages = packages.filter_by(state=PackageState.APPROVED)
    packages = packages.order_by(db.asc(Package.title))

    topics_to_add = None
    if current_user == user or user.checkPerm(current_user,
                                              Permission.CHANGE_AUTHOR):
        # Forum topics by this author that no package references yet.
        no_package_for_topic = ~ db.exists().where(
            Package.forums == ForumTopic.topic_id)
        topics_to_add = (
            ForumTopic.query
            .filter_by(author_id=user.id)
            .filter(no_package_for_topic)
            .order_by(db.asc(ForumTopic.name), db.asc(ForumTopic.title))
            .all()
        )

    # GET, or a POST that did not pass validation.
    return render_template("users/profile.html",
                           user=user,
                           form=form,
                           packages=packages,
                           topics_to_add=topics_to_add)